Experts slam Mac OS X security

mDNS worm hints at worse to come for Apple

Shares

An expert who claims to have a created a fully armed worm for the Mac OS X operating system has put the boot into security measures taken by programmers at Apple .

The worm exploits an mDNS flaw in Mac OS X's Bonjour network configuration tool which normally enables users to share printers, or automatically see other iChat AV users on the same network. The worm was created by an anonymous security expert at info Sec who posted details of the exploit on the Info Security Sellout blog.

Although the expert is keen to point out that he/she will eventually work with Apple to ensure the problem is fixed, they have some stinging comments to make about a previous Apple security fix for Bonjour and Mac OS X security in general.

"My worm is in the same code base, obviously, but that is where the similarity to the recently patched issues ends." the expert told Computerworld. "When Apple fixed the previous issues, they did not take care of the entire code base and there are a lot of bugs there some are exploitable, like the one I am using, while others are not. But the fact remains that Apple did a horrible job in fixing this package."

Apple has a long way to go

The expert then goes on to say:

"I do believe in being responsible and working with vendors, but I also feel that some vendors need to be treated like children and learn lessons the hard way. Apple has a very long way to go when dealing with security issues in their products."